How to connect a smb (Samba) windows printer without password in clear text

Help
1

I want to connect to a Windows Network printer over the smb protocol. It works wenn I add the username and password in clear text in the connection string, but this would be a huge security risk.

Anyone know how to add the user & pw in more secure way?

# configuration.nix
  services.printing = {
    enable = true;
    drivers = with pkgs; [ hplip ];
  };

  hardware.printers.ensureDefaultPrinter = "printername";
  hardware.printers.ensurePrinters = [{
    name = "printername";
    # would work if adding user&pw here (at least it works when done so directly in CUPS
    # e.g. "smb://user:pw@print-server.com/printer"
    deviceUri = "smb://print-server.com/printer";
    model = "HP/hp-color_laserjet_mfp_m577-ps.ppd.gz";
    ppdOptions = {
      Duplex = "DuplexNoTumble";
      PageSize = "A4";
      # This worked in a old config, but not anymore (CUPS will not promt)
      auth-info-required = "username,password"; 
    };
  }];

  services.samba.enable = true;
2

as far as I know, the only why to make it more secure, is to have it link to a file where the password and username are. but, this is really only more secure if you’r sharing your config code rather than your system.

there might be a better why, but I don’t know it. and I would show how to link to a file containing the info, but I literally deleted my only example like last week and more recently did a garbage dump, so I don’t know the syntax.

3

Something like agenix or spos-nix is usually used to store values encrypted in the store.

4

Oh too bad :slight_smile: Somebody else told me that’s probably the way to go and it would be enough enough secure for me… (i just don’t want it in my nix config that I have on github, and even if the repo is private i don’t want any credentials in the git repo).